Lucene search

[email protected]CVE-2013-1813

HistoryNov 23, 2013 - 11:55 a.m.

CVE-2013-1813

2013-11-2311:55:04

CWE-264

[email protected]

web.nvd.nist.gov

374

busybox

cve-2013-1813

util-linux

mdev.c

0777 permissions

local users

attack vectors

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch6.0

Node

t-mobiletm-ac1900Match3.0.0.4.376_3169

Node

busyboxbusyboxRange≤1.20.2

busyboxbusyboxMatch0.38

busyboxbusyboxMatch0.39

busyboxbusyboxMatch0.40

busyboxbusyboxMatch0.41

busyboxbusyboxMatch0.42

busyboxbusyboxMatch0.43

busyboxbusyboxMatch0.45

busyboxbusyboxMatch0.46

busyboxbusyboxMatch0.47

busyboxbusyboxMatch0.48

busyboxbusyboxMatch0.49

busyboxbusyboxMatch0.50

busyboxbusyboxMatch0.51

busyboxbusyboxMatch0.52

busyboxbusyboxMatch0.60.0

busyboxbusyboxMatch0.60.1

busyboxbusyboxMatch0.60.2

busyboxbusyboxMatch0.60.3

busyboxbusyboxMatch0.60.4

busyboxbusyboxMatch0.60.5

busyboxbusyboxMatch1.00

busyboxbusyboxMatch1.01

busyboxbusyboxMatch1.1.0

busyboxbusyboxMatch1.1.1

busyboxbusyboxMatch1.1.2

busyboxbusyboxMatch1.1.3

busyboxbusyboxMatch1.2.0

busyboxbusyboxMatch1.2.1

busyboxbusyboxMatch1.2.2

busyboxbusyboxMatch1.2.2.1

busyboxbusyboxMatch1.3.0

busyboxbusyboxMatch1.3.1

busyboxbusyboxMatch1.3.2

busyboxbusyboxMatch1.4.0

busyboxbusyboxMatch1.4.1

busyboxbusyboxMatch1.4.2

busyboxbusyboxMatch1.5.0

busyboxbusyboxMatch1.5.1

busyboxbusyboxMatch1.6.0

busyboxbusyboxMatch1.6.1

busyboxbusyboxMatch1.7.0

busyboxbusyboxMatch1.7.1

busyboxbusyboxMatch1.7.2

busyboxbusyboxMatch1.7.3

busyboxbusyboxMatch1.8.0

busyboxbusyboxMatch1.8.1

busyboxbusyboxMatch1.8.2

busyboxbusyboxMatch1.9.0

busyboxbusyboxMatch1.9.1

busyboxbusyboxMatch1.9.2

busyboxbusyboxMatch1.10.0

busyboxbusyboxMatch1.10.1

busyboxbusyboxMatch1.10.2

busyboxbusyboxMatch1.10.3

busyboxbusyboxMatch1.10.4

busyboxbusyboxMatch1.11.0

busyboxbusyboxMatch1.11.1

busyboxbusyboxMatch1.11.2

busyboxbusyboxMatch1.11.3

busyboxbusyboxMatch1.12.0

busyboxbusyboxMatch1.12.1

busyboxbusyboxMatch1.12.2

busyboxbusyboxMatch1.12.3

busyboxbusyboxMatch1.12.4

busyboxbusyboxMatch1.13.0

busyboxbusyboxMatch1.13.1

busyboxbusyboxMatch1.13.2

busyboxbusyboxMatch1.13.3

busyboxbusyboxMatch1.13.4

busyboxbusyboxMatch1.14.0

busyboxbusyboxMatch1.14.1

busyboxbusyboxMatch1.14.2

busyboxbusyboxMatch1.14.3

busyboxbusyboxMatch1.14.4

busyboxbusyboxMatch1.15.0

busyboxbusyboxMatch1.15.1

busyboxbusyboxMatch1.15.2

busyboxbusyboxMatch1.15.3

busyboxbusyboxMatch1.16.0

busyboxbusyboxMatch1.16.1

busyboxbusyboxMatch1.16.2

busyboxbusyboxMatch1.17.0

busyboxbusyboxMatch1.17.1

busyboxbusyboxMatch1.17.2

busyboxbusyboxMatch1.17.3

busyboxbusyboxMatch1.17.4

busyboxbusyboxMatch1.18.0

busyboxbusyboxMatch1.18.1

busyboxbusyboxMatch1.18.2

busyboxbusyboxMatch1.18.3

busyboxbusyboxMatch1.18.4

busyboxbusyboxMatch1.18.5

busyboxbusyboxMatch1.19.0

busyboxbusyboxMatch1.19.2

busyboxbusyboxMatch1.19.3

busyboxbusyboxMatch1.19.4

busyboxbusyboxMatch1.20.0

busyboxbusyboxMatch1.20.1

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq6.0

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	6.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965

git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784

lists.busybox.net/pipermail/busybox/2013-January/078864.html

packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

rhn.redhat.com/errata/RHSA-2013-1732.html

seclists.org/fulldisclosure/2019/Jun/18

seclists.org/fulldisclosure/2020/Aug/20

seclists.org/fulldisclosure/2020/Mar/15

seclists.org/bugtraq/2019/Jun/14

support.t-mobile.com/docs/DOC-21994

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-1813

openvas7 debiancve1 redhat2 ubuntucve1 veracode1 nessus7 prion1 centos1 oraclelinux1 mageia1 nvd1 cvelist1 gentoo1 packetstorm3 debian2